Two Bitcoin researchers say they have found a way to steal funds from the BTC Lightning Network. Researchers Jon Harris and Aviv Zohar, both from Israel’s Hebrew University, said in research titled “Flood and Loot: A systemic attack on the Lightning Network” that attackers could use a bottleneck in the system to drain money. A bottleneck is a point of overload, where load arrives faster than the system can process it.
How does the Lightning Network attack work?
The BTC Lightning Network is a payment channel layer that sits on top of the Bitcoin blockchain (a second layer). It speeds up transactions and reduces their cost by only partially confirming them, since fully confirming purchases can take a long time. In LN, users can send payments through intermediate nodes. These intermediate nodes may try to steal the bitcoins, but they would have only a short time to do so. However, hackers can extend this time frame by flooding the network. In the attack on the Bitcoin Lightning Network, described in detail by Jon Harris, a master’s student, and associate professor Aviv Zohar, “the attacker forces many victims at once to flood the blockchain with demands for their resources. He can then use the congestion he creates to steal all the funds that were not claimed before the deadline.”
Can this attack be prevented?
The researchers assumed that the attacker must attack 85 channels simultaneously to make some money. They also point out that it is quite easy for an attacker to find unsuspecting victims: all a node has to do is open a channel with the attacker.
“We have found that the vast majority of active nodes (more than 95%) are willing to open a channel on demand and are therefore prone to fall victim to our attack,” the researchers wrote.
How can it be solved? Close channels sooner, reduce bottlenecks, make it harder for hackers to spam the network, and find ways to identify hackers before they attack.
“We believe that exploitable vulnerabilities are in many ways linked to the way the bitcoin Lightning Network works. Therefore, the attack cannot be avoided entirely without significant modifications,” they wrote.
This new method appears to be very effective. The researchers therefore shared their work with the developers of the three major Bitcoin Lightning Network implementations before publishing it. It remains to be seen whether a defense can be developed against this attack. It’s only a matter of time before a hacker tries a Flood and Loot attack.